Bump step-security/harden-runner from 2.19.1 to 2.19.3 #471

Merged: soumeh01 merged 1 commit into main from dependabot/github_actions/step-security/harden-runner-2.19.3 on May 18, 2026

@dependabot (Bot, Contributor) commented on behalf of github May 17, 2026

Bumps step-security/harden-runner from 2.19.1 to 2.19.3.

Release notes

Sourced from step-security/harden-runner's releases.

v2.19.3

What's Changed

Full Changelog: step-security/harden-runner@v2.19.2...v2.19.3

v2.19.2

What's Changed

  • Update the Harden Runner agent for enterprise tier to use go 1.26 and fix minor bugs.

Full Changelog: step-security/harden-runner@v2.19.1...v2.19.2

Commits
  • ab7a940 Merge pull request #665 from step-security/fix/use-policy-store-default-audit
  • ec41b78 Default to audit mode when api-key missing with use-policy-store
  • 9ca718d Merge pull request #664 from step-security/update-agent-v1.8.5
  • 1dee3df Update agent to v1.8.5
  • See full diff in compare view

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels May 17, 2026
@github-actions (Bot, Contributor) commented May 17, 2026

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

| Package | Version | Score |
| --- | --- | --- |
| actions/step-security/harden-runner | ab7a9404c0f3da075243ca237b5fac12c98deaa5 | 🟢 8.1 |

Details

| Check | Score | Reason |
| --- | --- | --- |
| Binary-Artifacts | 🟢 10 | no binaries found in the repo |
| Branch-Protection | 🟢 8 | branch protection is not maximal on development and all release branches |
| CI-Tests | 🟢 10 | 16 out of 16 merged PRs checked by a CI test -- score normalized to 10 |
| CII-Best-Practices | ⚠️ 0 | no effort to earn an OpenSSF best practices badge detected |
| Code-Review | 🟢 10 | all changesets reviewed |
| Contributors | 🟢 6 | project has 2 contributing companies or organizations -- score normalized to 6 |
| Dangerous-Workflow | 🟢 10 | no dangerous workflow patterns detected |
| Dependency-Update-Tool | 🟢 10 | update tool detected |
| Fuzzing | ⚠️ 0 | project is not fuzzed |
| License | 🟢 10 | license file detected |
| Maintained | 🟢 10 | 16 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 10 |
| Packaging | ⚠️ -1 | packaging workflow not detected |
| Pinned-Dependencies | 🟢 6 | dependency not pinned by hash detected -- score normalized to 6 |
| SAST | 🟢 10 | SAST tool is run on all commits |
| Security-Policy | 🟢 10 | security policy file detected |
| Signed-Releases | ⚠️ -1 | no releases found |
| Token-Permissions | 🟢 10 | GitHub workflow tokens follow principle of least privilege |
| Vulnerabilities | ⚠️ 2 | 8 existing vulnerabilities detected |

Scanned Files

  • .github/workflows/release.yml
  • .github/workflows/tpip-check.yml

@soumeh01 (Collaborator) commented

@dependabot recreate

Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner) from 2.19.1 to 2.19.3.
- [Release notes](https://github.com/step-security/harden-runner/releases)
- [Commits](step-security/harden-runner@a5ad31d...ab7a940)

---
updated-dependencies:
- dependency-name: step-security/harden-runner
  dependency-version: 2.19.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/github_actions/step-security/harden-runner-2.19.3 branch from e73c7a0 to c9f7cc8 Compare May 18, 2026 13:19
@qltysh (Bot) commented May 18, 2026

Qlty


Coverage Impact

This PR will not change total coverage.


@soumeh01 soumeh01 merged commit 2bf2069 into main May 18, 2026
43 checks passed
@soumeh01 soumeh01 deleted the dependabot/github_actions/step-security/harden-runner-2.19.3 branch May 18, 2026 13:36